Hi Everyone,
We are building Resftful API's with Jersey and would like to create
attributes/annotations to authenticate and authorize users without
additional security code needed in implementing class/method.
We have been using Play for long time but decided to move to Jersey for
several stability problems we encountered in Play. Thus we already have
similar mechanism running in Play Framework 2.2 by using Actions and
Annotations. Please check this link to get some idea how it works
http://www.playframework.com/documentation/2.2.x/JavaActionsComposition
We have a jar package which is implementing security methods of Shiro and
using JDBC salted realm as a storage layer and EnterpriseCachingSession with
memcached for sessions. It works great so far. And we benefit a lot by using
Annotations since it prevent users to make silly mistakes when it comes to
implementing security calls. See below sample which requires few params to
secure entire method (or class)
@Authentication.LoggedIn(isApiClient = false,onlyAllowAdmin =
false,permissionValues = {PermissionsEnum.PERMXXXXX},operator =
Authentication.Operator.AND)
public static List<MetaInfoItem> someMethod(int page, EspType espType) {
...
...
return;
}
We would like to achieve same with Jersey however not sure which is the best
way (or what are the best practices to use Shiro with Jersey).
I really appreciate if you can share your experience and knowledge with me.
Thanks in advance,
ED
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Shiro-and-Jersey-REST-API-integration-Attributes-Annotations-and-Interceptors-tp7580009.html
Sent from the Shiro User mailing list archive at Nabble.com.
